Hi! I made a new hash algorithm can you check it for collisions and vulnerabilitys please?Thanks! Some hash values:abc => 0HZ|~Xi\|^YNvoHkabcd => 2f`C|xizUCUwiSRMaba => 9jx`x\ERbJEmjEaUbaa => 6nHPlxkjxXAMRIMMaab => 1jLdvvyPpVIinSMK0123456789 => 9Xx^PcudsU{guwPE

please post some example hashes for strings so that we can observe valid output from the command. I'm going to try and redo the code in java or something else because VB.net and C# just aren't my cup of tea. please post some generic examples such as:

"""a""abc""123""abcdefghijklmnopqrstuvwxyz1234567890"

im gonna try working on it tomorrow morning.

edit:

barney, the C# code isn't C# code, it's also the same exact code as you posted for the VB. please fix it or remove it.

barney, please don't use online converters, they don't work for shit. I tried the C# code, even with heavy modifications, i can't get it to compile properly. also, please post psuedo-code in the future, it's much easier to port it when it's universally readable.

barneystinson19 wrote:Hi! I made a new hash algorithm can you check it for collisions and vulnerabilitys please?Thanks!

Honestly, without a deep understanding of the math behind it, I wouldn't recommend trying to take on a task like this. You are bound to open yourself up to some serious security vulnerabilities.

That being said, a quick look at your code shows that you are constraining the input to 32 characters (already that opens you up to collisions) and then you process your plain and further constrain the output to 16 characters (applying further collision domains).

I don't think there's much of a need to even try to compile this. The implementation is flawed, and all of your operations seem very GPU-friendly, so collisions aside it would be very trivial to write a brute-forcer for this that would work at blazing speeds.

Honestly, MD5 is stronger than what you have presented here.

If you are just concerned about having a secure hashing method against attacks, I would recommend bcrypt using a high number of iterative rounds (say 10).

Also the security is very weak in most cases _Fix(output, 16) returns the last 15 characters of output with the first character being the Xor of all previous characters. The last 15 characters of output before _Fix is called only depend on the last four or five characters of the password along with two sums that are modulus 63.

Another problem is this can return binary data with byte values in the range 0 to 127, but this is rare.

Just remember the first rule about cryptography DON'T MAKE YOUR OWN and the second rule is DON'T IMPLEMENT ON YOUR OWN.